Multimedia and other proprietary content is increasingly being made available in forms that can be received, processed, and presented in computers, or in sophisticated devices that share many of the characteristics of computers. Public networks such as the Internet can provide online selection and delivery of content in high-quality digital form. Even off-line media such as optical discs may have only specific rights granted, to a customer, such as playback for a limited time period. For customers, online delivery and sophisticated licensing increase timeliness and convenience. Publishers can realize lower delivery costs, reduced physical inventory, and other benefits. Unfortunately, these advantages are often outweighed by the ease of unauthorized access, copying, and other manipulation by the customer or by others.
Unauthorized copying of online and other digital content is becoming a significant problem. In the past, most premium content available on the World Wide web was of sufficiently low value that wholesale piracy was not attractive, and casual copying was not overly damaging to the content owner. Also, some digital media players already incorporate hardware protection against unauthorized access or manipulation. However, present and potential distributors increasingly desire to make available high-value content, and are increasingly fearful of both organized and casual theft of their rights.
New modes of distributing digital content frequently involve the transmission of a digital bit stream independently of a physically protectible medium, and manipulation by remote software and hardware over which the distributor has no control. These characteristics render the content especially susceptible to diversion by third parties, and to use by legitimate recipients of the content outside the scope of the license granted them by the distributors. Digital rights management is fast becoming an important concern as online commerce continues its rapid growth. Content distributors and the electronics industry must quickly develop technologies and protocols for ensuring that licensed digital content is guaranteed to be handled in accordance with the rights granted by its distributors. If adequate protection is not forthcoming, those who distribute premium content may be put out of business by widespread theft or, more likely, will refuse to deliver content in the otherwise desirable new ways that technology makes available. Digital data that is furnished to a user with restrictions upon its use will be referred to as licensed or premium content.
Traditional security systems do not adequately address this difficulty. Existing techniques for encrypting and storing data, and for authorizing and revoking user privileges have little effectiveness against legitimate users of the hardware and software that ultimately employ the data—and it is precisely those legitimate users who have both an interest and an ability to misuse the data. Traditional smart cards merely provide authentication and encryption. Cryptographic coprocessors provide higher-performance services and are programmable; but operating systems and other untrusted programs can employ their functions for unauthorized purposes.
Three broad categories of solution are available for this problem. One solution is to forego general-purpose computers altogether in favor of special-purpose tamper-resistant hardware for delivery, storage, and display of valuable digital content. This is the approach adopted by the cable industry, and appears to be the model for digital video disk (DVD) players. The second solution employs proprietary data formats and software, or software containers. The third solution modifies a general-purpose computer to support a model for client-side content security and digital rights management.
One approach within the third category of solutions introduces the concept of a secure operating system. Minimal hardware support can allow a personal computer or similar general-purpose machine to authenticate to remote distributors that the computer is running a copy of an operating system that is trusted to provide adequate protection for digital content, and that even a legitimate user in physical possession of the computer cannot vitiate this protection. Copending commonly assigned provisional patent application Ser. No. 60/105,891, filed on Oct. 26, 1998, entitled “System and Method for Authenticating an Operating System to a Central Processing Unit, Providing the CPU/OS With Secure Storage, and Authenticating the CPU/OS to a Third Party”, application Ser. No. 09/227,611, filed on Jan. 8, 1999, now U.S. Pat. No. 6,327,652, entitled “Loading and Identifying a Digital Rights Management Operating System”, application Ser. No. 09/227,568, filed Jan. 8, 1999, entitled “Key-Based Secure Storage”, and application Ser. No. 09/227,559, filed Jan. 8, 1999, entitled “Digital Rights Management Using One Or More Access Prediates, Rights Manager Certificates, And Licenses” describe aspects of this concept. Authenticating the proper booting and integrity of such a trusted operating system allows it to maintain secret keys and other data, and to prove to remote parties that it is running properly.
This solution works well. However, it requires constructing the entire operating system, as well as device drivers and other components, with the mechanisms for trusted operation. In the environment of relatively small systems, these problems need not be significant. Larger operating systems, such as the Windows2000® operating system available from Microsoft Corporation, have millions of lines of code, and thousands of individual modules, few of which have anything to do with digital rights management. Furthermore, such large operating systems are desirably open to extension and modification by third-party sellers of programs such as drivers, plug-ins, and utilities. It is difficult to ensure that all outside programmers comply with the rules required to preserve rights management, and a certification program could become onerous. Trusting entire operating systems also requires that bugs in any part of the system be remedied very quickly and thoroughly, because rights management involves the entire system.
The success of digital rights management in developing new methods of content delivery therefore still needs an architecture for protecting rights in digital content, in the environment of general-purpose, user-controlled equipment having large, multi-purpose operating systems.